Computer Engineering and Applications ›› 2011, Vol. 47 ›› Issue (36): 25-28.

• 博士论坛 • Previous Articles     Next Articles

Method for layering components towards structured protection

GAI Xinmao1,2,SHEN Changxiang2,3,LI Yong2,4,LIU Yi3   

  1. 1.School of Computer,National University of Defense Technology,Changsha 410073,China
    2.School of Computer,Beijing University of Technology,Beijing 100022,China
    3.Computing Technology Research Institute of Navy,Beijing 100141,China
    4.Institute of Electronic Technology,Information Engineering University,Zhengzhou 450004,China
  • Received:1900-01-01 Revised:1900-01-01 Online:2011-12-21 Published:2011-12-21

一种面向结构化保护的组件层次划分方法

盖新貌1,2,沈昌祥2,3,李 勇2,4,刘 毅3   

  1. 1.国防科学技术大学 计算机学院,长沙 410073
    2.北京工业大学 计算机学院,北京 100022
    3.海军计算技术研究所,北京 100141
    4.信息工程大学 电子技术学院,郑州 450004

Abstract: It is stated in GB17859-1999 that the fourth level security information system must implement structured protection function,to which the availability way is dividing the system into different layers.Based on the ideology of Trusted Computing,by modeling the root of trust as the minimal element of a partial order set and using related knowledge about the complete partial order in set theory,a method for layering components of a system is proposed via dependencies between them,followed by the proof of the completeness of the method.Further discussion also shows that the method can be employed in many other aspects of strengthening the system’s security.

Key words: structured protection, layering method, trusted computing, complete partial order, dependency

摘要: GB17859-1999中要求四级以上安全操作系统必须实现结构化保护功能,而层次化方法是实现结构化保护的一个有效途径。基于可信计算思想,将可信根抽象为偏序集中的最小元,利用集合论中完全偏序集的相关知识,通过组件间的依赖关系,提出了一种组件层次划分方法,并证明了层次划分方法的完备性。进一步分析表明,该方法能有效应用于增强系统安全性的研究。

关键词: 结构化保护, 层次化方法, 可信计算, 完全偏序集, 依赖